Apple has released emergency security updates for a new zero-day bug in its WebKit browser engine that allows threat actors to execute arbitrary code on iPads, iPhones, and macOS devices running vulnerable versions. Apple said that it was aware of reports that this bug may have been actively exploited by cyber criminals. The zero-day is tracked as CVE-2022-22620. It’s a use-after-free vulnerability in WebKit that results in the execution of arbitrary code when maliciously crafted web content is processed on vulnerable versions of iOS and iPadOS.

Many people are still blissfully unaware that Apple devices can have bugs that put their security and privacy at risk. The notorious Pegasus malware has caused many a headache for Apple developers and proved that vulnerabilities can be dangerously exploited. That such an attack can occur after just visiting a website should bring home its potential scale, but luckily Apple was quick to react. It is vital to keep operating systems on Apple devices up to date and to turn on automatic updates for apps where possible.